关于NGINX配置HTTP/2的问题
因为使用TLS,决定升级一下H2,整了一个多点没什么头绪,访问仍然是HTTP/1.1配置文件server
{
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl on;
ssl_certificate ***;
ssl_certificate_key ***;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_session_cache shared:SSL:10m;ssl_stapling on;ssl_stapling_verify on;resolver 114.114.114.114 114.114.115.115 valid=300s;resolver_timeout 10s;ssl_prefer_server_ciphers on;ssl_dhparam /etc/ssl/certs/dhparam.pem; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options SAMEORIGIN;
server_name ciel.pro;
index index.html index.htm index.php default.html default.htm default.php;
root/home/wwwroot/ciel.pro;
include wordpress.conf;
#error_page 404 /404.html;
location ~ [^/]\.php(/|$)
{
#comment try_files $uri =404; to enable pathinfo
try_files $uri =404;
fastcgi_passunix:/tmp/php-cgi.sock;
fastcgi_index index.php;
include fastcgi.conf;
#include pathinfo.conf;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|woff)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /\.
{
deny all;
}
access_log/home/wwwlogs/ciel.pro.log;
}
server
{
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.ciel.pro;
ssl on;
ssl_certificate *****;
ssl_certificate_key *****;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_session_cache shared:SSL:10m;ssl_stapling on;ssl_stapling_verify on;resolver 114.114.114.114 114.114.115.115 valid=300s;resolver_timeout 10s;ssl_prefer_server_ciphers on;ssl_dhparam /etc/ssl/certs/dhparam.pem; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options SAMEORIGIN;
return 301 https://ciel.pro$request_uri;
}
server
{
listen 80;
listen [::]:80;
server_name ciel.pro www.ciel.pro;
return 301 https://ciel.pro$request_uri;
}
不知道哪位成功配置H2的dalao能指点下?
[ 本帖最后由 Ciel 于 2016-11-7 12:44 编辑 ] 在一些高版本的chrome 50或其他浏览器上是必须要求alpn才能支持到http2的,要开alpn需要是openssl 1.0.2的版本
alpn的支持需要在nginx编译时指定上 --with-openssl=openssl源码目录全路径
具体可以参考:https://bbs.vpser.net/thread-14702-1-1.html 其实就是OpenSSL版本不对而已!
页:
[1]